13

I am currently sharing a WiFi network with my neighbor. We are on the same network. I never set up as a Guest.

My questions are:

  • whether or not this person can see the sites I visit, the info I input on messages, business sites, and retail sites;

  • if this person can see my personal e-mail messages, and facebook messages.

I don't know if you have to be tech savvy to be able to do this if this person chose so too.

techraf
  • 9,159
  • 11
  • 45
  • 63

3 Answers3

14

Someone who has administrative access to the network you are connecting to can:

  1. View the IP address and domain names of the site you're connecting to (based on DNS query and/or SNI in TLS) and which email provider you're using, irrespective of encryption. You can prevent this by using encrypted third party DNS (e.g. DNSCurve to OpenDNS).
  2. The location of your access point (this is of little concern for you as you're physically neighbors anyway).
  3. View and modify the content of any unencrypted traffic, including session keys/cookies, and passwords if they're traveling over unencrypted connection. View and modify emails traveling over unencrypted POP, IMAP, SMTP, or unencrypted web mail.
  4. Block access to any site or protocol, irrespective of encryption. This may in many cases be circumvented with a VPN/proxy. In extreme cases, the administrator may block all proxies, VPN, and Tor.
  5. View and modify encrypted Wi-Fi packets and its content, that is not further encrypted (e.g. with TLS)

They can't:

  1. View and/or modify content, session keys/cookies, or password traveling inside end-to-end or user-to-service encryption (e.g. PGP, TLS). Snooping into these type of encryption can only be done if your neighbor installed a malware/certificate in your computer
  2. View or modify the content of emails or who you are sending email to when using POPS, IMAPS, SMTPS, or encrypted web mail.

Doing these kinds of interceptions do require a little tech saviness, but it's not actually that difficult if they really wanted to learn how to snoop on you.

Also note that there are a number of other non privacy risks with sharing connection with others. For example, if your neighbor accessed illegal activity, they could potentially implicate that on you and you could be dragged into these legal problems.

Lie Ryan
  • 31,459
  • 6
  • 70
  • 94
  • tl;dr: the 3rd point pretty much answers it that an administrator can indeed look at the content. – Shritam Bhowmick Apr 25 '16 at 05:21
  • Both "They can't"s are essentially the same. – bot47 Apr 25 '16 at 10:22
  • 1
    "administrative" -- this question isn't about administrative access, but normal access. – Yakk Apr 25 '16 at 14:01
  • Actually, your second point (2.2) is wrong in most of cases. As you can read here and many other places, view and modify emails sent with SMTP(s) is not a big deal if the SMTP server accept STARTTLS, because this method’s handshake is plain text. To assure you’re safe, always force SSL and disable STARTTLS. However, encrypted web mails are fine. – Gui-Don Apr 25 '16 at 15:19
  • What is meant by "administrative" here? Is that when you type in this IP address in your browser and have the ability to configure the router from there? Couldn't OP just set a password to the router's configuration? Or can his neighbor do those things you mentioned just from being connected to OP's WiFi? – Fiksdal Apr 25 '16 at 15:36
  • 1
    @Fiksdal: "administrative" here means that OP's neighbor has administrator control of one of the router that OP's Internet connection passes through. The premise of this question is that OP is piggybacking over his neighbor's internet connection, so OP doesn't have admin control in his neighbor's router. – Lie Ryan Apr 26 '16 at 12:09
  • @Gui-Don: good point about opportunistic encryption. Personally, I don't consider opportunistic encryption as true encryption, but people might not realize that their email client may still drop to unencrypted when using STARTTLS. – Lie Ryan Apr 26 '16 at 12:16
  • @LieRyan I see. Even though it's still in OP's name. – Fiksdal Apr 26 '16 at 16:36
1

Wifi (even with password) is usually set up as being security equivalent to an open wired network (plug in to network, you are presumed to supposed to be on it).

All communcation by any party on the network is fully visible. Security can be applied on top of the unsecured communication, but an open wired network has next to no security built-in (other than being able to physically connect to the wires).

Some wired networks packet switch, where only the packets you are supposed to see are sent to you. Wifi networks are not that secure, they are as only secure as the wired networks that send every packet to everyone (which is not very).

Other users on such a network can view easily, and modify with some difficulty, data you transfer over unencrypted protocols.

Now, on top of the network layer, you can have a secure layer; with good protocols, the insecurity of the network layer won't matter (that much -- the network layer could still deny service).

Communication over a secure protocol will thus remain private.

However, DNS lookups are not that private. DNSsec provides origin authentication of DNS data, but not confidentiality. So even over https, someone on your open wired network (or wireless-equivalent wifi) can tell what websites you are visiting. With https, they won't see what you are looking at, but they will know what websites.

Similar secure protocols exist for email and other services; often, the place you are connecting to is public, but what you communicate is private.

If you install something like Tor, or use a secure VPN, you can make the lack of privacy on your wifi not important.

I do not know the security state of facebook messages. But, presuming the engineers are competent (encryption/security is hard, so not guaranteed), it is probably roughly as secure as https, where the fact you are using facebook messages is public, but what and to whom you are sending it is not.

On top of the above, if they have access to your wifi, they could try some man-in-the-middle attacks; things like protocol degrading to an easier to break protocol. This is relatively advanced, can be mitigated by upgrading either the client (your web browser) or the server (to refuse to provide insecure protocol connections), and is not nearly as passive as what can be gathered over insecure connections.

The easy way to to mitigate this is to set up a guest wifi. With a poor configuration they might be able to do some mischief, but the level of sofistication goes from "relatively easy" (most of the above) to "it would be easier for them to hack your router".

There are wifi networks that provide "packet switching" (or better) levels of security (Like WPA2 Enterprise). You probably are not using one.

Yakk
  • 584
  • 2
  • 7
-4

Any unencrypted data sent over Wi-Fi is potentially vulnerable. Some questions:

  • Is the connection encrypted? (look for WEP, WPA, or WPA2 in the connection details)
  • Are you using a virtual private network or IPsec?
  • Are the sites you are visiting using encrypted connections? (in particular, look for a lock icon in the URL bar)

If you answered yes to any of those questions, then your data should be safe.

Also bear in mind that it's very unlikely that your neighbors would snoop like that - in most Western and Westernized countries, eavesdropping on communications is illegal.

unor
  • 1,779
  • 1
  • 19
  • 40
user1258361
  • 420
  • 2
  • 13
  • 2
    In this case it wouldn't matter if they were using WEP, WPA, or WPA2. The key is a PSK (I doubt this guy knows how to setup AD/LDAP to use seperate WPA2 keys). All the traffic would be readable by anyone with the passprhrase. Just FYI. – Daisetsu Apr 25 '16 at 05:47
  • 6
    "Won't happen because it's forbidden?" - I don't think that's how it works... – bot47 Apr 25 '16 at 10:24
  • Please look up "Firesheep" and news articles online about reporters using Firesheep at coffeeshops in order to snoop. Firesheep, alone, invalidates much of your answer. – schroeder Apr 25 '16 at 14:42
  • This is a bad answer. If anyone is on the same network as you its very possible traffic can be sniffed. Especially with WPA or WPA2 as the encryption is a PSK. – Jeff Meigs Apr 25 '16 at 15:00
  • 2
    this is not the level of simplification expected here. (even more so since most of this answer is basically wrong) (also, 2003 called, they wanted to let you know that WEP is not safe anymore) – njzk2 Apr 25 '16 at 15:03
  • 1
    To reiterate njzk2's comment, to tell someone that using WEP is safe, is negligent at worst, extremely ignorant at best. – Allison Wilson Apr 25 '16 at 17:01